Privacy Policy

Last updated: March 2026

What We Collect

Stack Breach accesses OAuth metadata only — we detect which AI tools have been authorized and are being used in your workspace. We do not read emails, documents, files, or any content.

Specifically, we access:

  • OAuth authorization records (which apps are connected)
  • API access logs (which tools are being called)
  • Chrome extension manifests (installed browser extensions)
  • User counts per tool (anonymized by default)

What We Don't Collect

  • Email content or attachments
  • Documents, spreadsheets, or files
  • Chat messages or transcripts
  • Passwords or authentication tokens
  • Personal employee information beyond tool usage

Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use SOC 2 Type II-compliant infrastructure. Your data is stored in EU data centers (Frankfurt, Germany) by default.

GDPR Rights

Under GDPR, you have the right to access, correct, delete, or export your data. To exercise these rights, contact privacy@stackbreach.io.

Data Processing Agreement

A DPA is available upon request for all paid plans. Contact support@stackbreach.io.

Data Retention

Scan results are retained for the duration of your subscription plus 30 days. Upon account deletion, all data is permanently removed within 72 hours.

Contact

For privacy-related inquiries: privacy@stackbreach.io

Stack Breach is a product of ChimeStream B.V., Rotterdam, Netherlands.